What to do if your website is hacked

Internet & Security

What to do if your website is hacked


Nothing can seem more detrimental than having your website hacked.

Hackers are usually motivated by financial means and there are two ways in which they may compromise your website:

  1. Spam
  2. Malware

The first way means hackers will fill your website with spammy text and links to their website. Instead of putting the hard work in to build up their own page rankings, the hacker will jump in on yours, adding visible or hidden text and links. Spam also includes phishing, which means that hackers will divert users from your website to a fake one that looks the same, where they can steal their payment information.

The second way a hacker can compromise your website means they infect it with malicious software that can infect the computers of everybody who visits your website. This malware is often used to copy passwords, credit card details and other important things that the user types.

Hackers will search for websites with vulnerabilities that they know how to hack. If your website becomes a target, it may still appear to function normally, but underneath the surface, a deadly infection is spreading.

What to do:

  1. Inform your web host

Your website host might be able to offer assistance to recover your site. Telling them will also allow them to identify other sites that they host that may have also been compromised.

  1. Take your site offline

Taking your site offline will allow you to make admin changes safely.  It will also protect your users. Make sure you change all passwords for your website users including logins for CMS and FTP access.

  1. Use Webmaster tools

Login to Google’s Webmaster tools and follow the steps to verify your website. You may need to take your site online temporarily to do this. Once done, make sure that all user accounts are ones that are authorised by you – it’s possible the hacker may have tried to take ownership of your website.

Webmaster tools will show you the type of damage (spam, malware) and be able to give you details of the hack, so you know what’s happened.

  1. Assess damage thoroughly

This next step is advanced and we recommend getting in the experts to do it. It requires looking at each URL of your website to see exactly where it’s been compromised. There are a number of ways to do this without opening your site in a browser which could spread malware, including using tools such as Wget and cURL, or by investigating the cached pages of your website via a cache: search in Google (cache:http://www.example.com/page.html), or by using the Fetch as Google tool.

  1. Assess how your website was hacked

At this point, you’ll want to check where your website is vulnerable. Make sure you reset all passwords (and make them strong), update all software and look for all areas where the hacker could have got in. Again, this is an advanced step, so getting the experts or your host to do this will be beneficial.

  1. Fix your website

The next step is to get rid of all the spam and malware that the hacker has ungraciously placed on your website while patching any vulnerabilities. It requires technical skill to do this so again, ask the experts, but essentially you’ll need to restore a clean backup*. If you don’t have one, or certain parts are out of date, you’ll need to create a backup of the infected site, clean it, then restore it. You can then take your clean website online.

  1. Get a review

To ensure no more warnings appear to users of your website, you’ll need to ask Google to review your website. To do this, login to Webmaster tools and follow the steps. To get successfully reviewed can take a day or up to several weeks depending on how your website was hacked (spam reviews take the longest). If you receive a failed review, Webmaster tools will show you the URLs that are still compromised in order to assist you.

This recovery process is lengthy but each step is important. In future, keep all software up-to-date, reset passwords frequently and make sure all computers that can access admin areas are secure with anti-virus software.

*Best Practices for backing-up:

  • Backup before updating/upgrading your website (such as modifying an individual file, updating your theme)
  • Include the date in your backup files so you know which is the most recent backup
  • Save a backup in a location that is different to your web server. (If your web server crashes, your backup may be gone too!)
  • Check your ISP or web host’s backup policies, as well as how often they do it
  • Do regular self-backups (daily, weekly, monthly, dependent on your site’s needs), even if your web host does them for you. You don’t want to lose content!